package ctm.javacode;

import java.io.* ; 
import java.util.*;
import java.sql.*;

import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/editData.do")

public class editData extends HttpServlet {

	private final String SUCCESS_VIEW = "main.jsp"; 
	private final String ERROR_VIEW = "editDataError.jsp"; 
	
	protected void doPost(HttpServletRequest request,
								HttpServletResponse response )
								throws ServletException, IOException {
		
		HttpSession session = request.getSession();
		String nextpage = ERROR_VIEW;
		String name = (String) session.getAttribute("login");
		String oldpw = request.getParameter("pw");
		String pw = request.getParameter("newpw");
		String repw = request.getParameter("renewpw");
		String mail = request.getParameter("mail");
		
		List<String> errors = new ArrayList<String>() ;
			
		if (isInvalidPW( pw ))
			errors.add("密碼無效");
		if ( ! pw.equals(repw))
			errors.add("密碼不一致");
		if (isInvalidMail( mail ))
			errors.add("E-mail格式錯誤");
		
		if ( errors.isEmpty() ) {
			nextpage = SUCCESS_VIEW ;
			try {
				if ( !updateUserDataAndTestUesrPW( oldpw, pw, mail, name ) ) {
					errors.add("密碼無更動");
					request.setAttribute("errors", errors) ;
				} // end if
			} catch (NamingException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			} catch (SQLException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
		} // end if
		else {
			request.setAttribute("errors", errors) ;
		} // end else
			
	
		request.getRequestDispatcher(nextpage)
		   .forward(request, response);		
	} // end doPost

	private boolean updateUserDataAndTestUesrPW(String oldpw, String pw, String mail, String name) throws NamingException, SQLException {
		DbBean db = new DbBean( "jdbc/ctmpllab" );
		String sqlQuery_testPW = "SELECT PASSWORD FROM ACCOUNTABLE WHERE ACCOUNT = '" + name + "'" ;
		pw = MD5encrypt.generate(pw);//用md5加密帳戶密碼
		
		String sqlQuery_updatePW = "UPDATE ACCOUNTABLE SET PASSWORD = '" + pw + "' WHERE ACCOUNT = '" + name + "'" ;
		String sqlQuery_updateMail = "UPDATE ACCOUNTABLE SET MAIL = '" + mail + "' WHERE ACCOUNT = '" + name + "'";
		oldpw = MD5encrypt.generate(oldpw);//用md5加密帳戶密碼

		
		if ( db.isConnectedOK() ) {
			ResultSet rs = db.ExcuteResult(sqlQuery_testPW); ;
		    rs.next(); 
			
			if ( ! rs.getString("password").trim().equals(oldpw) )
				return false ;
		
			if ( pw != null && ! pw.equals("") )	
				db.ExcuteUpdate( sqlQuery_updatePW );
			if ( mail != null && ! mail.equals("") )
				db.ExcuteUpdate(sqlQuery_updateMail);
		
		} // end if
		else {
			System.out.println("資料庫連接錯誤");
		} // end else
		
		return true;
	}

	private boolean isInvalidMail(String mail) {
		return (! mail.matches("^[_a-z0-9-]+([.]" + 
		"[_a-z0-9-]+)*@[a-z0-9-]+([.][a-z0-9-]+)*$") ) && mail != null && !mail.equals("") ;
	}

	private boolean isInvalidPW(String pw) {
		return !pw.equals("") && ( pw.length() < 6 || pw.length() > 12 ) ;
	}
	
	
} // end class
